Jase's Place

Well, I've confirmed on my test system, that a Go Daddy wildcard certificate will work on a VI3 (VirtualCenter 2.5 & ESX 3.5) system.

Let's say you already have a wildcard certificate in place on an IIS web server, and you'd like to use it in your VI3 environment.

First you'll need to export the cert from your IIS box, using the Certificates snap in.

Right click, then All Tasks, then Export, and Next on the first screen

Select "Yes, export the private key

"Personal Information Exchange - PKCS #12 (.PFX)" should be selected
And "Include all certificates in the certification path if possible" should be checked.

Enter your password here

Enter a filename for the exported cert. I called it wildcard.pfx

Click finish.

Now you'll need to use OpenSSL to convert the file you just generated.

I ran the openssl.exe from the path on my test system (C:\openssl\bin)

C:\openssl\bin\openssl.exe pkcs12 -in wildcard.pfx -out wildcard.txt -nodes. You will be asked for the password you entered when you were exporting the pfx.

Now open the wildcard.txt with Wordpad (notepad won't work). I use Win32Pad instead.

Grab the portion with the following:
-----BEGIN RSA PRIVATE KEY-----
(Block of Random Text)
-----END RSA PRIVATE KEY-----
And save this (notepad is fine for this) as rui.key

Grab the portion with the following:
-----BEGIN CERTIFICATE-----
(Block of Random Text)
-----END CERTIFICATE-----

And save this (notepad is fine for this) as rui.crt

Make sure you make a backup of the existing keys, in the case that something goes wrong with this process. They are located in the c:\Documents and Settings\All Users\Application Data\VMware\VMware VirtualCenter\SSL folder.

Now, rename the wildcard.pfx to rui.pfx. Copy rui.pfx, rui.crt, and rui.key files, to the above folder.

You'll then need to reinitialize the vpxd password. Run "vpxd.exe -p" again from a Dos box in the following folder:
c:\Program Files\VMware\Infrastructure\VirtualCenter Server

Then restart your VirtualCenter service.

You should then be able to log into your VirtualCenter server using a wildcard certificate.

Additionally, you can upload the rui.crt and rui.key files to your ESX host (using WinSCP) to the /etc/vmware/ssl/ path. Make sure you back these up too.

I then restarted my ESX 3.5 system, and it started to use the wildcard certificate as well.


As always, If you wish to use this method that I have seen success with, feel free to.
By using the methods I have described, you agree that I will not be held liable for any issues in your environment.

Enjoy.

Labels: VMware

I'm sure this has been around, but I just found it.


I enjoy watching 24, as well as any comparison of today's technology to yesterday's technology.


Watch the "Pilot" for 24, if it were pitched to the networks in 1994.

http://www.collegehumor.com/video:1788161

Labels: Comedy

Well I was looking at this blog post:
http://www.ntpro.nl/blog/archives/325-The-ultimate-ESX-3.5-white-box.html

And I thought... We've got one of those lying around.

So I figured I'd give it a try.

I added a supported nic, and was on my way. Then I realized that my D530 only had an IDE drive in it.

I installed ESX 3.5, and sure enough it griped because it didn't have any storage. On a positive note, the onboard nic was recognized by ESX. So I didn't even need to add a "supported" nic.

Well I didn't have any SATA drives or non-supported SATA RAID controllers.

So I looked at this VMTN forum post:
http://communities.vmware.com/thread/47225

To address some storage, without wanting to setup another box on the network, I followed the instructions from the PDF located in the thread: http://www.vmug.nl/downloads/VMWare_NFS_en_iSCSI.pdf

Thanks to Reinout Wijnveen for the instructions.

Despite the fact that I don't know Dutch, I was able to mull my way through the document. Sure enough, success!

Now I've got a "free" ESX test box. Keep in mind it isn't the fastest (with a 3.0 GHz P4, and 1GB of RAM), but I can "play" without having to touch our test or production environments.